There was a recent divestiture and we are in the process of amalgamating systems under a single domain
Based on the requirement from the Department of Energy listed below:
"Ensure individuals will have access to the controlled information governed by
Part 810 only as needed for their responsibilities and that they will not have access to classified information, or
information deemed to be sensitive nuclear technology, while employed by company"
Is there away to grant a system administrator access through ADUC so that they can do everything they need in a specific region (Canada / US) without allowing them access to commercially sensitive data or classified information? ACL's and security groups
should be suffice correct?
Some of the "Administrators" duties would include:
ADUC administration (limited capacity, group management, adding servers, login scripts, powershell), Troubleshooting, Backup and Restores, SCCM administration, Networking, Software Installations, VMware, configuration management, Server deployment, among
a few others.
Could the forest be setup the following way to enable this based on the model below?
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/using-the-organizational-domain-forest-model
Also a rough non-biased opinion, this is a smaller company1000 employees, how long would this take to configure and setup?